EY comments on EU Comission's Proposed Directive on Network and Information Security

  • Share

Mark Brown, Director of Information Security at EY said:

"The European Commission’s move confirms that cyber security is a growing problem for businesses and governments alike. With 88% of organisations in the UK reporting an increase in cyber attacks, according to our latest Global Information Security Survey, the damage of a breach, not just to individual companies, but the economy as a whole, becomes clear.

"As the world becomes more interconnected so does the way in which it operates and the sharing of information. A new, unified approach that cuts across borders, national infrastructure and capability, as well as across organisations in different countries is needed now more than ever.

"The Commission is right to extend the obligation to report significant cyber incidents beyond telecoms companies to include organisations in the energy, transport, health and eGovernment sectors. But, even that doesn’t go far enough. Services from the online economy that touch the lives of millions of people are now available in every sector.  It is by collaboration and transparency across the business life cycle - from investors right through to customers that awareness can be raised and future incidents can be prevented, while exploiting the full benefits of the online economy.

"This step can only be seen as the beginning of a long and challenging journey. The Commission needs to work with the 27 member states to ensure that the countries lacking the necessary tools to fight cyber threats catch up with those that already have a high level capability in place and that eventually a common reporting mechanism is in place. Businesses also need to understand that the cost of keeping silent and doing nothing to counter cyber threats is far greater than the cost of having a strategic security framework in place."